Biometrics Solution of Utimaco Safeware Cannot Be Outwitted by Forged
Fingerprints Combination of Biometrics and Smartcards Offers Optimum Protection against Current Attack Scenarios
Oberursel, May 28, 2002, During the last few days it has been discussed in the press and other media how login systems can partly be “outwitted” by means of fingerprints.
With these attacks the attempt is made to get unauthorized access to a computer system by means of an imitation fingerprint.
Basically, there are two possibilities:
1. The authorized user provides his fingerprint for making a copy.
2. By forensic procedures a fingerprint is taken without the authorized user’s consent, e.g. from a used glass and, in several steps, a duplicate of the fingerprint is created.
Both procedures were only successful because the access to the computer system was only protected by the biometric procedure.
Indeed, this is the reason why Utimaco Safeware uses only biometric login procedures in combination with forgery-proof smartcards in its products. Thus, the scenarios described above are ineffective as only the combination of fingerprint and smartcard allows access to a computer system. If you are not in possession of the smartcard, you cannot achieve anything solely with a forged fingerprint, as it is only used to unlock the smartcard. At each login the smartcard compares the fingerprint with the reference fingerprint stored on the card.
Therefore, Utimaco Safeware recommends its customers to stipulate in their security policy that the user always has to take his smartcard with him when leaving the workstation. Moreover, the workstation is automatically locked when the smartcard is removed and an attack with a forged fingerprint is no longer possible.
The use of biometric procedures in combination with a biometric-enabled smartcard has further advantages: As the reference fingerprint is stored on the card, central and vulnerable reference databases are not required. Moreover, further sensitive information such as passwords for single sign on, cryptographic keys and signature keys can be stored securely on the card. A further advantage of Biometrics is the reduction of helpdesk costs as forgotten passwords do not have to be reset. Thus, the combination of biometrics and smartcards represents a comfortable, user-friendly and secure solution for a wide field of applications in IT security.
Utimaco Safeware AG is one of the leading European technology manufacturers of professional IT security solutions. The security technology and solutions developed by Utimaco Safeware protect the electronic data of companies and government bodies against unauthorized access and guarantee that business processes and administrative procedures in the electronic world are binding and confidential.